Additional Materials:

Contact:

The nation's economy and security are heavily dependent on oil, natural gas, and other energy commodities. Al-Qa'ida and other groups with malevolent intent have targeted energy tankers and offshore energy infrastructure because of their importance to the nation's economy and national security. The U.S. Coast Guard--a component of the Department of Homeland Security (DHS)--is the lead federal agency for maritime security, including the security of energy tankers and offshore energy infrastructure. The Federal Bureau of Investigation (FBI) also has responsibilities for preventing and responding to terrorist incidents. This testimony discusses the extent to which (1) the Coast Guard and the FBI have taken actions to address GAO's prior recommendations to prevent and respond to a terrorist incident involving energy tankers and (2) the Coast Guard has taken actions to assess the security risks to offshore energy infrastructure and related challenges. This testimony is based on products issued from December 2007 through March 2011 and recently completed work on the Coast Guard's actions to assess security risks. GAO reviewed documents from the Coast Guard's risk model and relevant laws, regulations, policies, and procedures; and interviewed Coast Guard officials.

The Coast Guard and the FBI have made progress implementing prior recommendations GAO made to enhance energy tanker security. In 2007, GAO made five recommendations to address challenges in ensuring the effectiveness of federal agencies' actions to protect energy tankers and implement response plans. The Coast Guard and the FBI have implemented two recommendations, specifically: (1) the Coast Guard, in coordination with U.S. Customs and Border Protection, developed protocols for facilitating the recovery and resumption of trade following a disruption to the maritime transportation system, and (2) the Coast Guard and the FBI participated in local port exercises that executed multiple response plans simultaneously. The Coast Guard has made progress on a third recommendation through work on a national strategy for the security of certain dangerous cargoes. It also plans to develop a resource allocation plan, starting in April 2012, which may help address the need to balance security responsibilities. However, the Coast Guard and the FBI have not yet taken action on a fourth recommendation to develop an operational plan to integrate the national spill and terrorism response plans. According to DHS, it plans to revise the National Response Framework, but no decision has been made regarding whether the separate response plans will be integrated. Also, DHS has not yet taken action on the final recommendation to develop explicit performance measures for emergency response capabilities and use them in risk-based analyses to set priorities for acquiring needed response resources. According to DHS, it is revising its emergency response grant programs, but does not have specific plans to develop performance measures as part of this effort. The Coast Guard has taken actions to assess the security risks to offshore energy infrastructure, which includes Outer Continental Shelf (OCS) facilities (facilities that are involved in producing oil or natural gas) and deepwater ports (facilities used to transfer oil and natural gas from tankers to shore), but improvements are needed. The Coast Guard has used its Maritime Security Risk Analysis Model (MSRAM) to examine the security risks to OCS facilities and deepwater ports. To do so, the Coast Guard has coordinated with the intelligence community and stakeholders, such as the Department of the Interior's Bureau of Ocean Energy Management, Regulation and Enforcement. However, the Coast Guard faces complex and technical challenges in assessing risks. For example, the Coast Guard does not have data on the ability of an OCS facility to withstand an attack. The Coast Guard generally recognizes these challenges and has actions underway to study or address them. Further, GAO determined that as of May 2011, the Coast Guard had not assessed security risks for 12 of the 50 security-regulated OCS facilities that are to be subjected to such assessments. Coast Guard officials later determined that they needed to add these OCS facilities to MSRAM for assessment and have completed the required assessments. However, while the list of security-regulated facilities may change each year based on factors such as production volume, the Coast Guard's current policies and procedures do not call for Coast Guard officials to provide an annual updated list of regulated OCS facilities to MSRAM analysts. Given the continuing threat to such offshore facilities, revising its procedures could help ensure that the Coast Guard carries out its risk assessment requirements for security-regulated OCS facilities. GAO is recommending that the Coast Guard revise policies and procedures to ensure its analysts receive the annual updated list of regulated offshore energy facilities to ensure risk assessments are conducted on those facilities. The Coast Guard concurred with this recommendation.

Recommendation for Executive Action

Status: Closed - Implemented

Comments: In response to GAO's testimony statement, in December 2011, the Department of Homeland Security (DHS) stated that Coast Guard personnel were coordinating their efforts to ensure that MSRAM analysts had the most up-to-date list of security-regulated OCS facilities. In December 2013, the Coast Guard provided GAO its list of security-regulated OCS facilities and corresponding MSRAM data. We confirmed that all security-regulated OCS facilities had been assessed in MSRAM. According to a statement from Coast Guard officials in November 2013, officials in the Eighth Coast Guard District--which has jurisdiction over OCS facilities in the Gulf of Mexico--coordinate annually to ensure that risk assessments have been conducted on OCS facilities. Specifically, the Prevention and Planning offices both oversee the list of security-regulated OCS facilities, and the Planning office maintains MSRAM data for these facilities. These two offices coordinate to ensure that MSRAM risk assessments are conducted. Coast Guard officials explained that this approach is consistent with the Marine Safety Manual chapter regarding the use of MSRAM, which states that "Commands are encouraged to use the subject matter experts, including Prevention, Response, Planning, and Command Center personnel, to evaluate the components of risk." These actions are consistent with the intent of the recommendation.

Recommendation: To strengthen the Coast Guard's efforts to assess security risks and ensure the security of OCS facilities, the Commandant of the Coast Guard should revise policies and procedures to ensure that MSRAM analysts receive the annual updated list of securityregulated OCS facilities to ensure that risk assessments have been conducted on all such OCS facilities.

Agency Affected: Department of Homeland Security: United States Coast Guard